[Rifleman]

Uhhhh...no. There were no real computers harmed in the making of this FUD.

They just counted the vulnerabilities that turned up times the days until a patch was released and added those up. Since MS tries hard to keep security holes secret until patches are available (and Open Source mostly doesn't) this is not a meaningful metric.

And since the Windows security holes tend to be "allows black hat to remotely own your pc, steal your passwords and identity and transfer all your money to liberia" and Linux holes tend to be, "promote local user to the permissions of the user that this application runs on" it is like saying that catching ebola twice is better than catching a cold five times.

If they had set up a Linux and a Windows 2003 server (patch 'em all you want, or even patch the Windows machine and not the Linux) then connected them to the net outside the firewall and tested for "time 'till security is breached" this might mean something.

[KwasiOwusu]

"Uhhhh...no. There were no real computers harmed in the making of this FUD"

There were.
# 2,its FACTS not FUD.
# 3, Linux lost.
Get over it.

[dalight]

I agree that this might be an interesting meteric if we lived in a perfect world, but even this would be alot of luck of the draw. If you posted a bounty on a net site and dared hackers to compromise one or both of the boxes and time that.. and you got a similarly experienced MCSE and RHCE to do the set ups.. then.. perhaps this would be meaningful.

Grade by time to compromise and severity of compromise accomplished.